light bulb

Did You Know?



Reply
Posts: 4,814
Topics: 3,041
Kudos: 5,933
Registered: ‎06-12-2013

Linux gets fix for flaw that threatens security of shared Web hosts

Privilege escalation bug lets untrusted users wrest control of vulnerable systems.

by Dan Goodin - June 5 2014

 

 

The Linux operating system kernel has been patched against yet another flaw that leaves servers in some shared Web hosting environments susceptible to hijacking.

The vulnerability, formally cataloged as CVE-2014-3153, is located in the futex subsystem of Linux, according to an advisory published Thursday by Debian, a distributor of the open source OS. The flaw allows untrusted users with unprivileged system access to escalate their control. From there, they can crash the system or do other nefarious things, including possibly executing malicious code.

"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," the advisory stated. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."

 

Full Article

Sr. Community Leader

Posts: 4,814
Topics: 3,041
Kudos: 5,933
Registered: ‎06-12-2013

Serious vulnerabilities in the Linux kernel, upgrade it now!

By paganinip on June 7th, 2014

 

                                                                            Linux vulnerabilities

 

A new series of vulnerabilities in Linux Kernel allows an attacker to lead DoS and privilege escalation attack, Debian urges upgrades for Linux users.

Numerous security flaws have been discovered and fixed in the Linux kernel, patch management for these vulnerabilities is critical to avoid that attackers could have led to a denial of service or privilege escalation.

Debian yesterday issued a new security update to warn its Linux users about the presence of new vulnerabilities that could be exploited for the above reasons. The vulnerabilities are

CVE-2014-3144
CVE-2014-3145
CVE-2014-3153

 

Full Article

Sr. Community Leader